Skip to content

v0.7.1

Choose a tag to compare

View all tags
@Astro-Han Astro-Han released this 31 Mar 15:49
· 38 commits to main since this release
v0.7.1
971f248

What's Changed

  • Harden /tmp cache handling against local attacks. Moves all cache files from shared /tmp to a private per-user directory ($XDG_RUNTIME_DIR/claude-pace or ~/.cache/claude-pace). Adds numeric validation on all cache-read fields before arithmetic evaluation, replaces echo -e with printf '%s\n' to prevent terminal escape injection, and switches the cache record delimiter from | to ASCII Unit Separator so branch names containing | cannot corrupt field parsing. When no safe cache directory is available, caching is disabled entirely and the script falls back to live computation.

    Thanks to @mairas for flagging the /tmp safety concern in #6.

Full Changelog: v0.7.0...v0.7.1

Contributors

mairas
Assets 2
Loading